hAPI-hacker/Hacking-APIs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/hAPI-hacker/Hacking-APIs)

hAPI-hacker / Hacking-APIs

☆425

Alternatives and similar repositories for Hacking-APIs

Users that are interested in Hacking-APIs are comparing it to the libraries listed below

Sorting:

assetnote / kiterunner
View on GitHub
Contextual Content Discovery Tool
☆3,121Apr 29, 2024Updated last year
DevSlop / Pixi
View on GitHub
The Pixi module is a MEAN Stack web app with wildly insecure APIs!
☆133Dec 22, 2022Updated 3 years ago
xnl-h4ck3r / xnLinkFinder
View on GitHub
A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets
☆1,532Mar 8, 2026Updated last week
marmicode / websheep
View on GitHub
🐑 Websheep is an app based on a willingly vulnerable ReSTful APIs.
☆57Mar 25, 2024Updated last year
arainho / awesome-api-security
View on GitHub
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the communit…
☆3,653Nov 23, 2025Updated 3 months ago
Karanxa / Bug-Bounty-Wordlists
View on GitHub
A repository that includes all the important wordlists used while bug hunting.
☆1,386Mar 11, 2023Updated 3 years ago
chrislockard / api_wordlist
View on GitHub
A wordlist of API names for web application assessments
☆871Jun 17, 2025Updated 9 months ago
OWASP / crAPI
View on GitHub
completely ridiculous API (crAPI)
☆1,451Mar 5, 2026Updated 2 weeks ago
optiv / rest-api-goat
View on GitHub
☆84May 1, 2023Updated 2 years ago
s0md3v / Arjun
View on GitHub
HTTP parameter discovery suite.
☆6,142Feb 20, 2025Updated last year
streaak / keyhacks
View on GitHub
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
☆6,101Aug 14, 2024Updated last year
inonshk / 31-days-of-API-Security-Tips
View on GitHub
This challenge is Inon Shkedy's 31 days API Security Tips.
☆2,231Apr 20, 2022Updated 3 years ago
daffainfo / AllAboutBugBounty
View on GitHub
All about bug bounty (bypasses, payloads, and etc)
☆6,665Sep 8, 2023Updated 2 years ago
laluka / bypass-url-parser
View on GitHub
bypass-url-parser
☆1,118Updated this week
lutfumertceylan / top25-parameter
View on GitHub
For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
☆1,820Jun 9, 2024Updated last year
xnl-h4ck3r / waymore
View on GitHub
Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan, VirusTotal, GhostArchive & Intelligence X!
☆2,568Mar 8, 2026Updated last week
devploit / nomore403
View on GitHub
🚫 Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast…
☆1,551Mar 10, 2026Updated last week
Net-hunter121 / API-Wordlist
View on GitHub
☆251May 25, 2021Updated 4 years ago
brosck / mantra
View on GitHub
「🔑」A tool used to hunt down API key leaks in JS files and pages
☆864Mar 12, 2026Updated last week
ticarpi / jwt_tool
View on GitHub
A toolkit for testing, tweaking and cracking JSON Web Tokens
☆6,435May 1, 2025Updated 10 months ago
nicholasaleks / graphql-threat-matrix
View on GitHub
GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
☆351Jul 1, 2025Updated 8 months ago
initstring / cloud_enum
View on GitHub
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
☆2,034Jul 12, 2025Updated 8 months ago
NagliNagli / Shockwave-OSS
View on GitHub
☆756Jun 26, 2024Updated last year
Sh1Yo / x8
View on GitHub
Hidden parameters discovery suite
☆2,033Sep 8, 2024Updated last year
Cyber-Guy1 / Subdomainer
View on GitHub
Automated tool for domains & subdomains gathering
☆191Jan 30, 2026Updated last month
GerbenJavado / LinkFinder
View on GitHub
A python script that finds endpoints in JavaScript files
☆4,300Apr 13, 2024Updated last year
dolevf / Damn-Vulnerable-GraphQL-Application
View on GitHub
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…
☆1,677May 24, 2025Updated 9 months ago
six2dez / OneListForAll
View on GitHub
Rockyou for web fuzzing
☆3,087Mar 11, 2026Updated last week
dolevf / Black-Hat-GraphQL
View on GitHub
The Black Hat GraphQL Book Repository
☆282Jul 19, 2025Updated 8 months ago
daffainfo / all-about-apikey
View on GitHub
Detailed information about API key / OAuth token (Description, Request, Response, Regex, Example)
☆289Sep 26, 2023Updated 2 years ago
random-robbie / wayback-saver
View on GitHub
Saves pages to Wayback machine
☆12Dec 2, 2024Updated last year
nikitastupin / clairvoyance
View on GitHub
Obtain GraphQL API schema even if the introspection is disabled
☆1,407Dec 5, 2025Updated 3 months ago
ferreiraklet / Jeeves
View on GitHub
Jeeves SQLI Finder
☆216May 13, 2022Updated 3 years ago
ayadim / Nuclei-bug-hunter
View on GitHub
i will upload more templates here to share with the comunity.
☆569Apr 17, 2024Updated last year
p0dalirius / webapp-wordlists
View on GitHub
This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contai…
☆534Dec 4, 2024Updated last year
kleiton0x00 / Advanced-SQL-Injection-Cheatsheet
View on GitHub
A cheat sheet that contains advanced queries for SQL Injection of all types.
☆3,156May 13, 2023Updated 2 years ago
xplo1t-sec / scopy
View on GitHub
Filter URLs that match your scope file for bugbounty.
☆11May 23, 2023Updated 2 years ago
KingOfBugbounty / KingOfBugBountyTips
View on GitHub
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens…
☆5,244Mar 13, 2026Updated last week
Dheerajmadhukar / 4-ZERO-3
View on GitHub
403/401 Bypass Methods + Bash Automation + Your Support ;)
☆1,580Jun 6, 2022Updated 3 years ago